Vulnerability DatabaseCVE-2023-29194
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-29194
April 14, 2023
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).
Affected Packages
vitess.io/vitess (GO):
Affected version(s) >=v0.0.0-20140430204322-166937eb27f4 <v0.16.1
Fix Suggestion:
Update to version v0.16.1
Related Resources (6)
https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f
https://github.com/vitessio/vitess/commits/v0.16.1
https://github.com/vitessio/vitess
https://nvd.nist.gov/vuln/detail/CVE-2023-29194
https://github.com/vitessio/vitess/commits/v0.16.1/
https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
LOW
CVSS v3
Base Score:
4.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Improper Input Validation
CWE-20
Improper Check or Handling of Exceptional Conditions
CWE-703
EPSS
Base Score:
0.11